Why am I unable to connect to a Splunk API URL fro...

vw5qb73 · ‎06-14-2016

Hi

I am trying to connect to Splunk API from a different VM.

My API command works when I run this as localhost to the search head VM. If I replace localhost with the IP or VM name of search head, and try to run curl, it won't connect.

Telnet to 8089 port says connection refused

splunksrch01:/tmp # curl -k -u user:pwd -d "search=search host=pc* earliest=-1h@h | chart count by host" https://localhost:8089/services/search/jobs/

Above command works if on search head.

But if run this from another VM by replacing localhost with search head IP, it won't work:

curl -k -u user:pwd -d "search=search host=pc* earliest=-1h@h | chart count by host" https://XX.XX.XX.XX:8089/services/search/jobs/
curl: (7) couldn't connect to host

Pls help
Is it because 8089 port is not opened? or something else?

ryanoconnor · ‎06-14-2016

Correct you're going to want to make sure there is a route from that VM to the Splunk Search Head and that port 8089 is opened on the Search Head. If you can't telnet on that port, than you have some sort of networking issue going on.

Why am I unable to connect to a Splunk API URL from an external VM by replacing localhost with the search head IP?

Announcing Scheduled Export GA for Dashboard Studio

Extending Observability Content to Splunk Cloud

More Control Over Your Monitoring Costs with Archived Metrics GA in US-AWS!